Trojan.Agent/Gen-FakeAV and Trojan.Agent/Gen-Tracur

I have a windows 7 system which has not been allowing downloads. When I try to download a file, it stops just prior to completion with the message "The *** download was interrupted."

After I select Resume, the download finishes with the message "The signature of **** is corrupt or invalid."

When I attempt to execute the file, I get the message: "Installer integrity check has failed. Common causes include incomplete download and damaged media. Contact the installer's author to obtain a new copy. More information at: http:/nsis.sf.net/NSIS_Error"

I ran MyTurboPC which may have been a mistake.

I also tried stopping all the non-Microsoft processes, and also all the startup programs.

Can also try uploading the two SAS-surfaced exe files to VirusTotal to scan. Looks more like PUPs and false positives.

May also want to check any new (or suspicious) add-ons included in the browser's managed add-ons too. Can try disabling those toolbars and trying the download again. E.g. clear the browser cache, disable any download accelerators or managers, and download the installer again.

If your computer will boot to “Normal Mode”, then in all cases that is how you should attempt to make the repair.
(The following comments in italics are courtesy of rpggamergirl):

During a Safe Mode boot, most malware processes are not running and Malwarebytes' heuristic detection can't detect them.

Malware processes must be active while doing the scan so scanning in Safe Mode is not going to be as effective.

Malwarebytes’ Direct Disk Access (DDA) is not running so the detection of rootkits and other stealth hidden nasties in this mode is not optimized.

While malware processes are not active in Safe Mode, most rootkits are - so MBAM is disadvantaged and will miss detecting them.

Windows File Protection is not on in Safe Mode in Windows 2000/XP/2003 Server so any patched system files e.g. explorer.exe, winlogon.exe, userinit.exe that are deleted by the scanner will not be replaced.

So please run the tools in Normal Mode and NOT in Safe Mode and post the results once more.

No, I did not press "Delete" on RogueKiller. I did not have any of the tools correct the issues found. I wanted to give you the logs first before taking any actions. Do you want me to rerun and correct issues?

Sure, but probably running the other MBR check tool in my first posting link can help validate the MBRCheck findings. We do want to avoid false positives, as if the MBR is infected, we should just rebuild the machine.

Likely the unknown MBR code is due to another boot manager like grub2Dos, or due to a recovery partition restoration function from the machine vendor; e.g. Dell has such a recovery function.

To further confirm we can run GMER, which is also stated in my earlier posted link. Below is a snapshot of what the log created looks like if it resembles malware rootkits, including MBR infectors like TDL4/Alureon@mbr, so look out for "<-- ROOTKIT !!!": http://www2.gmer.net/rootkits.php
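As an added example (not from this thread and not GMER's own code), a small Python triage script that scans a GMER-style log for the "<-- ROOTKIT !!!" marker the post mentions and reports which log section each hit sits in; the sample log is constructed and only approximates GMER's layout.

```python
import re
from typing import Dict, List

# Marker GMER appends to entries it considers rootkit-like (quoted in the thread).
ROOTKIT_MARKER = "<-- ROOTKIT !!!"

# GMER separates its report into sections headed like "---- Devices - GMER 1.0.15 ----".
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER")

# Constructed sample log (not a real capture); the layout approximates GMER output.
SAMPLE_GMER_LOG = r"""GMER 1.0.15 - http://www.gmer.net
Rootkit scan 2012-01-01 12:00:00
Windows 6.1.7601 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 (constructed)

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!ZwCallbackReturn + 2D14   8062E9C4 4 Bytes  [F4, 08, 39, 8B]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0   vmkbd.sys (VMware KbdClass filter driver)

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0   TDL4@MBR code has been found <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
"""

# Constructed clean log: same layout, no flagged entries.
CLEAN_GMER_LOG = SAMPLE_GMER_LOG.replace(" <-- ROOTKIT !!!", "")


def triage_gmer_log(text: str) -> Dict[str, List[str]]:
    """Return every flagged line, keyed by the GMER section it appears in."""
    hits: Dict[str, List[str]] = {}
    section = "Header"
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if ROOTKIT_MARKER in line:
            hits.setdefault(section, []).append(line)
    return hits


def disk_sector_hit(hits: Dict[str, List[str]]) -> bool:
    """True when a flagged entry sits in the Disk sectors section (MBR-level finding)."""
    return any(r"\Device\Harddisk" in line for line in hits.get("Disk sectors", []))


if __name__ == "__main__":
    for name, lines in triage_gmer_log(SAMPLE_GMER_LOG).items():
        print(f"[{name}]")
        for entry in lines:
            print("  " + entry)
```

A hit in the Disk sectors section is the case the thread treats as an MBR infector; the thread's advice for that case is to rebuild rather than clean.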

Logs seem to be clear now. Now we will run another tool to see if it can find something nasty.

Run OTL.

OTL by OldTimer is a flexible, multipurpose diagnostic and malware removal tool. It's useful for identifying changes made to a system by spyware, malware and other unwanted programs. It creates detailed reports of registry and file settings, and also includes advanced tools and scripting ability for manually removing malware.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Then click the Run Fix button at the top.
Click OK
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Glad to know. Just for info.
The C:\Windows\system32\config\system file is the hive file for HKLM\System. Likely the antivirus, firewall and any other security programs are protecting it. You also need to run as Administrator, which I see you already have. Another option is to try running GMER in Safe Mode; however, rootkits which don't work in Safe Mode won't be detected.

Understand there is an OTL CleanUp feature that will automatically remove many of the tools that are commonly used in malware removal from the user's machine.

Did you disable or stop other security software on the machine before running GMER? Process Explorer should help to "kill the process", and just a slight note to run in elevated mode, e.g. Run as Administrator. Some of them can be active in Safe Mode too.
